Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2022-46870

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.

Published: Dec 16, 2022
Updated: Nov 8, 2023
CVE: CVE-2022-46870
GHSA: GHSA-9p8j-hrgf-jc2g
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
apache / zeppelin	-	0.8.2
org.apache.zeppelin / zeppelin	-	0.8.2

https://lists.apache.org/thread/gb1wdnrm1095xw6qznpsycfrht4lwbwc

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo